SSA balances service, citizen privacy at PEBES site

Nov 10, 1997

Any citizen with World Wide Web access could request and receive from http://www.ssa.gov a Personal Earnings and Benefit Estimate Statement. Until then, PEBES could be requested online, but the results were sent via regular mail.

A PEBES is a year-by-year listing of a worker's earnings history and future Social Security benefits. It is a valuable financial planning tool and essential for anyone who is counting on Social Security benefits after they retire. During fiscal 1996, 3.4 million workers requested a copy of their PEBES.

Despite the popularity and novelty of this innovative application, SSA closed down the service in April in the face of criticism that the agency had not implemented sufficient privacy and security safeguards for this application. All you needed to get a PEBES was birth date, Social Security number and mother's maiden name--data that is not difficult to acquire.

They may not have realized it, but the critics were really railing against the sloppy lack of protection for personal data in commercial files. Anyone with a little money or skill could collect authentication information from commercial sources. If all holders of personal data were as conscientious as SSA, this whole matter would have been a smaller concern.

Panelists at SSA's public forum noted that SSA had a legal right to the data, so it is not given voluntarily. Yet people who apply for a mortgage or business loan--or even a garden-variety credit card--usually feel they have no alternative but to surrender their entire life history. Moreover, commercial banks and businesses trade customer data the way baseball teams trade players. My mortgage has been sold an average of twice a year; I have no doubt that my entire personal database was sold with it. No telling how many potential mortgage buyers had access to my personal data each time my lender auctioned off my loan.

During May and June, SSA conducted public forums in six cities at which specialists in privacy, consumer advocacy and computer security gave their views. SSA also received 6,000 messages on PEBES via the Internet.

PEBES is back online with new, more stringent safeguards, but with less functionality. Users won't get their earnings history online. Instead, SSA provides an activation code and reports via valid e-mail addresses to those who provide the five authentication matches. More privacy, less customer service.

SSA demonstrated sensitivity to privacy issues and dedication to the use of technology to better serve citizens. Many organizations would have thrown in the towel and shut down the application. Instead, SSA diligently tried to reconcile the two objectives.

The report, "Privacy and Customer Service in the Electronic Age," is testimony to the care with which SSA sought to balance the objectives of privacy and service. The result is a valuable example for other government and commercial organizations considering similar online applications.

The report shows that SSA did not go blindly into this online application. The agency commissioned an extensive systems security study from Los Alamos National Laboratory. SSA used a firewall to shield its mainframe computers, then hired consultants to breach its defenses. The attacks were unsuccessful, but SSA used the consultants' findings to identify and implement additional safeguards.

In the spring of 1996, SSA began a pilot program to provide hard-copy PEBES in response to a request via a Web form. For about a year, 175,000 users took advantage of this method. Many asked if SSA could make the report fully interactive.

In October 1996, SSA tested the interactive version with a limited number of testing partners. The online PEBES required a match of name, Social Security number, date of birth, state of birth and mother's maiden name. This was consistent with authentication requirements for telephone and written requests. No privacy concerns or breaches surfaced in these tests, so SSA began national testing in March 1997.

Meanwhile, I'm not holding my breath for my bank's version of "Privacy and Customer Service in the Electronic Age," nor do I expect it to host public forums, disclose its data usage or specify how it plans to protect my privacy. Armed with SSA's example, perhaps Congress should turn its attention to the freewheeling ways of the commercial data brokers.

SSA has my confidence.

Walter R. Houser, who has more than two decades of experience in federal information management, is webmaster for a Cabinet agency. His own Web home page is at http://www.cpcug.org/user/houser/.